containers icon indicating copy to clipboard operation
containers copied to clipboard

Published 20 hours ago verified publisher icon bitnami

[bitnami/redis] Setting the server password on first run

Open dominikkrulak opened this issue 2 years ago • 7 comments

Name and Version

bitnami/redis:7.0.4-debian-11-r16

What steps will reproduce the bug?

Upgrading the image from an older version and it seems that the current redis image can't create password for default user.

Passing the REDIS_PASSWORD environment variable when running the image for the first time should set the Redis(R) server password to the value of REDIS_PASSWORD (or the content of the file specified in REDIS_PASSWORD_FILE).

services:
  redis:
  ...
    environment:
      - REDIS_PASSWORD=password123
  ...

What is the expected behavior?

No response

What do you see instead?

When I auth password123 in CLI I get

"ERR AUTH <password> called without any password configured for the default user. Are you sure your configuration is correct?"

Additional information

What I could:

  • set environment variable REDIS_ACLFILE=/opt/bitnami/redis/mounted-etc/users.acl
  • create users.acl file with following content user default on >password123 ~* &* +@all
  • uncoment aclfile in redis.config file and set it to aclfile /opt/bitnami/redis/mounted-etc/users.acl

That would create the password for default user and solve my application connection issue.

dominikkrulak avatar Sep 14 '22 08:09 dominikkrulak

Hi @dominikkrulak

I am trying to reproduce your issue but I haven't got luck. These are the steps and result I've got

fmulero:/ $ docker run --name redis --rm -d -e REDIS_PASSWORD=password123 bitnami/redis:7.0.4-debian-11-r16
0b5416dfe5945e3e4272c21f803bd68a72fcc0c5e231988425602201c71d55d6
fmulero:/ $ docker exec -it redis bash
I have no name!@0b5416dfe594:/$ redis-cli 
127.0.0.1:6379> auth password123
OK
127.0.0.1:6379>

Am I doing something wrong? Did I miss any step?

fmulero avatar Sep 15 '22 07:09 fmulero

Hello @fmulero

Thank you for the respond! Thing is that I'm running it using docker-compose command.

I tried, retried, pruned builder cache but I always get "ERR AUTH <password> called without any password configured for the default user. Are you sure your configuration is correct?"

I was able to build the image using docker command successfully though.

Maybe I post my docker-compose.yml file here:

version: '3.8'
    services:
    redis:
        env_file: .env
        build: ./docker-images/redis/7.0
        image: redis:7.0.4
        container_name: ${SERVICE_REDIS_CONTAINER_NAME}
        hostname: ${SERVICE_REDIS_HOSTNAME}
        networks:
            - backend
        ports:
            - "${SERVICE_REDIS_CONTAINER_PORT}:${SERVICE_REDIS_CONTAINER_PORT}"
        volumes:
            # Redis volume
            - type: volume
              source: craft-redis-7
              target: /bitnami/redis/data
            # Redis configuration files
            - type: bind
              source: ./docker-images/redis/7.0/config/redis.conf
              target: /opt/bitnami/redis/mounted-etc/redis.conf
#            - type: bind
#              source: ./docker-images/redis/config/users.acl
#              target: /opt/bitnami/redis/mounted-etc/users.acl
        environment:
            # ALLOW_EMPTY_PASSWORD is recommended only for development.
            # - ALLOW_EMPTY_PASSWORD=yes
            - REDIS_PASSWORD=${SERVICE_REDIS_PASSWORD}
            - REDIS_DISABLE_COMMANDS=FLUSHDB,FLUSHALL,CONFIG
            #- REDIS_ACLFILE=/opt/bitnami/redis/mounted-etc/users.acl
        restart: unless-stopped

dominikkrulak avatar Sep 19 '22 14:09 dominikkrulak

I see you have been doing some tests with ACLs Could you have something stored about that in the volume craft-redis-7? Could you prune it?

fmulero avatar Sep 20 '22 09:09 fmulero

I've started using ACL way after docker-compose couldn't create password on first run.

Every time docker-compose was used to build Redis image it stared from scratch. Pruned builder cache, new volume, new image. So previously built image and volume were deleted to avoid obvious.

dominikkrulak avatar Sep 20 '22 12:09 dominikkrulak

Hello @dominikkrulak ,

The problem here is that you are mounting the redis.conf file:

            # Redis configuration files
            - type: bind
              source: ./docker-images/redis/7.0/config/redis.conf
              target: /opt/bitnami/redis/mounted-etc/redis.conf

You would need to edit ./docker-images/redis/7.0/config/redis.conf and add the following parameter:

requirepass YOUR_PASSWORD

dgomezleon avatar Sep 21 '22 14:09 dgomezleon

Hello @dgomezleon

Well that worked! So docker's variable REDIS_PASSWORD does the same as directive requirepass in redis.conf with only difference that requirepass precedes REDIS_PASSWORD? Or that's not true and they need both to be set? Because I usually copy any config files during image build in case I don't mount a volume with those files. The same thing I did with redis image and than bind-mounted redis.conf file just for learning to see what's what.

I'm glad for your last comment!

dominikkrulak avatar Sep 23 '22 07:09 dominikkrulak

Hi @dominikkrulak,

I'm happy it helped. Our logic adds that directive into redis.conf file is you set REDIS_PASSWORD. However, we don't edit the configuration file if you mount it.

    ...
    # User injected custom configuration
    if [[ -e "${REDIS_MOUNTED_CONF_DIR}/redis.conf" ]]; then
        if [[ -e "$REDIS_BASE_DIR/etc/redis-default.conf" ]]; then
            rm "${REDIS_BASE_DIR}/etc/redis-default.conf"
        fi
        cp "${REDIS_MOUNTED_CONF_DIR}/redis.conf" "${REDIS_BASE_DIR}/etc/redis.conf"
    else
        info "Setting Redis config file"
        ...
        if [[ -n "$REDIS_PASSWORD" ]]; then
            redis_conf_set requirepass "$REDIS_PASSWORD"
        else
            redis_conf_unset requirepass
        fi
        ...
    fi
}

dgomezleon avatar Sep 23 '22 10:09 dgomezleon

Hi @dgomezleon

That is clear enough!

Thank you

dominikkrulak avatar Sep 26 '22 08:09 dominikkrulak